sftp: remove requireAdmin setting. deprecated with operators

src/ldap.js

@@ -551,15 +551,6 @@ async function authenticateSftp(req, res, next) {
     res.end();
 }
 
-async function loadSftpConfig(req, res, next) {
-    const [error, servicesConfig] = await safe(settings.getServicesConfig());
-    if (error) return next(new ldap.OperationsError(error.toString()));
-
-    const sftpConfig = servicesConfig['sftp'] || {};
-    req.requireAdmin = sftpConfig.requireAdmin;
-    next();
-}
-
 async function userSearchSftp(req, res, next) {
     debug('sftp user search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
 
@@ -584,10 +575,7 @@ async function userSearchSftp(req, res, next) {
     if (userGetError) return next(new ldap.OperationsError(userGetError.toString()));
     if (!user) return next(new ldap.OperationsError('Invalid username'));
 
-    if (req.requireAdmin && users.compareRoles(user.role, users.ROLE_ADMIN) < 0) return next(new ldap.InsufficientAccessRightsError('Insufficient previleges'));
-
-    const canAccess = apps.canAccess(app, user);
-    if (!canAccess) return next(new ldap.InsufficientAccessRightsError('Not authorized'));
+    if (!apps.isOperator(app, user)) return next(new ldap.InsufficientAccessRightsError('Not authorized'));
 
     const obj = {
         dn: ldap.parseDN(`cn=${username}@${appFqdn},ou=sftp,dc=cloudron`).toString(),
@@ -688,7 +676,7 @@ async function start() {
     gServer.bind('ou=sendmail,dc=cloudron', authenticateMailAddon); // haraka (MSA auth)
 
     gServer.bind('ou=sftp,dc=cloudron', authenticateSftp);    // sftp
-    gServer.search('ou=sftp,dc=cloudron', loadSftpConfig, userSearchSftp);
+    gServer.search('ou=sftp,dc=cloudron', userSearchSftp);
 
     gServer.compare('cn=users,ou=groups,dc=cloudron', authenticateApp, groupUsersCompare);
     gServer.compare('cn=admins,ou=groups,dc=cloudron', authenticateApp, groupAdminsCompare);